VM-Series for VMware

The VM-Series for VMware supports VMware NSX, ESXi stand-alone and vCloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based private, public and hybrid cloud computing environments.

- Identify and control applications within your virtualized environments, limit access based on users, and prevent known and unknown threats.
- Isolate and segment mission-critical applications and data using Zero Trust principles.
- Streamline policy deployment so that security keeps pace with the rate of change within your private, public or hybrid cloud.

Virtualization technology from VMware is fueling a significant change in today's modern data centers, resulting in architectures that are commonly a mix of private, public or hybrid cloud computing environments. The benefits of cloud computing are well known and significant. However, so too are the security challenges, exemplified by the many recent high-profile data breaches. Whether stored in a physical data center or in a public, private or hybrid cloud, your data is the cybercriminal's target. Securing your VMware-based cloud introduces a range of challenges, including a lack of application visibility, inconsistent security functionality, and difficulty keeping pace with the rate of change commonly found in cloud computing environments. To be successful, organizations need a cloud security solution that:

- Controls applications within the cloud based on their identity, not the port and protocols they may use.
- Stops malware from gaining access to, and moving laterally (east-west) within, the cloud.
- Determines who should be allowed to use the applications, and grants access based on user needs and credentials.
- Simplifies management and minimizes the security policy lag as VMs are added, removed or moved within the cloud environment.
The Palo Alto Networks VM-Series for VMware allows you to protect your data that resides in NSX, ESXi and vCloud Air environments from cyber threats with our next-generation firewall security and advanced threat prevention features. Panorama centralized management, combined with native automation features, allows you to streamline policy management in a manner that minimizes the policy time-gap that may occur as virtual machines are added, moved or removed.
Applying next-generation security to virtualized environments

The VM-Series virtualized firewall is based upon the same full-stack traffic classification engine found in our physical form-factor firewalls. The VM-Series natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user. The application, content and user, the elements that run your business, are then used as the basis of your virtualized security policies, resulting in an improved security posture and a reduction in incident response time.

Isolate mission-critical applications and data using Zero Trust principles

Security best practices dictate that your mission-critical applications and data should be isolated in secure segments using Zero Trust (never trust, always verify) principles at each segmentation point. The VM-Series can be deployed throughout your virtualized environment, residing as a gateway within your virtual network or in between the VMs running in different tiers, thereby protecting east-west traffic by exerting control based on application and user identity.

Block lateral movement of cyber threats

Today's cyber threats will commonly compromise an individual workstation or user, and then move across the network looking for a target. Within your virtual network, cyber threats will move laterally and rapidly from VM to VM, in an east-west manner, placing your mission-critical applications and data at risk. Exerting application-level control using Zero Trust principles in between VMs reduces the threat footprint while applying policies to block both known and unknown threats.

Automated, transparent deployment and provisioning

A rich set of APIs can be used to integrate with external orchestration and management tools, collecting information related to workload changes that can then be used to dynamically drive policy updates via VM Monitoring and Dynamic Address Groups.
- RESTful APIs: A flexible REST-based API allows you to integrate with third-party or custom cloud orchestration solutions. This enables the VM-Series to be deployed and configured in lockstep with virtualized workloads.
- Virtual Machine Monitoring: Security policies must be able to monitor and keep up with changes in virtualization environments, including VM attributes and the addition or removal of VMs. Virtual Machine Monitoring (VM Monitoring) automatically polls your virtualization environments, such as vCenter, for virtual machine inventory and changes, collecting this data in the form of tags that can then be used in Dynamic Address Groups to keep policies up to date.
- Dynamic Address Groups: As your virtual machines change functions or move from server to server, building security policies based on static data, such as IP address, delivers limited value and can contain outdated information. Dynamic Address Groups allow you to create policies using tags (from VM Monitoring) as an identifier for virtual machines, instead of a static object definition. Multiple tags representing virtual machine attributes, such as IP address and operating system, can be resolved within a Dynamic Address Group, allowing you to apply policies to virtual machines as they are created or travel across the network, without administrative intervention.

Centrally manage virtualized and physical form-factor firewalls

Panorama centralized network security management allows you to manage your VM-Series deployments along with your physical security appliances, thereby ensuring policy consistency and cohesiveness. Rich, centralized logging and reporting capabilities provide visibility into virtualized applications, users and content.
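As an added illustration (not PAN-OS, Panorama or VMware code), the following Python model shows how attribute tags gathered by VM Monitoring resolve into an address set for a Dynamic Address Group as VMs are added, moved or removed, and how a rule built on a static IP list drifts out of date. The inventory, tag names, event format and match-expression syntax are constructed for this example.

```python
import re

# Constructed vCenter-style inventory (the data VM Monitoring would poll):
# each VM carries attribute tags and its current IP address.
INVENTORY = {
    "web-01": {"ip": "10.1.10.11", "tags": {"tier.web", "os.linux"}},
    "web-02": {"ip": "10.1.10.12", "tags": {"tier.web", "os.linux"}},
    "app-01": {"ip": "10.1.20.21", "tags": {"tier.app", "os.linux"}},
    "db-01": {"ip": "10.1.30.31", "tags": {"tier.db", "os.windows"}},
}

# A match expression is quoted tags joined by and / or / not with parentheses,
# e.g. "'tier.web' or ('tier.app' and 'os.linux')". Anything else is rejected
# before evaluation so that only tag-membership logic can run.
_TOKEN = r"'[^']*'|and|or|not|\(|\)"
_GRAMMAR = re.compile(rf"\s*(?:(?:{_TOKEN})\s*)+")


def _compile(match_expr):
    """Turn a tag expression into Python boolean code over a `tags` set."""
    if not _GRAMMAR.fullmatch(match_expr):
        raise ValueError(f"unsupported match expression: {match_expr!r}")
    return re.sub(r"'[^']*'", lambda m: f"({m.group(0)} in tags)", match_expr)


def resolve(match_expr, inventory):
    """Return the IPs of every VM whose tags satisfy the group's expression."""
    code = _compile(match_expr)
    return {vm["ip"] for vm in inventory.values()
            if eval(code, {"__builtins__": {}}, {"tags": vm["tags"]})}


def apply_event(inventory, event):
    """Apply a constructed VM Monitoring change: add, move (new IP) or remove."""
    kind, name = event["kind"], event["vm"]
    if kind == "add":
        inventory[name] = {"ip": event["ip"], "tags": set(event["tags"])}
    elif kind == "move":  # tags travel with the VM; only its address changes
        inventory[name]["ip"] = event["ip"]
    elif kind == "remove":
        del inventory[name]
    else:
        raise ValueError(f"unknown event kind: {kind!r}")
    return inventory


def policy_drift(match_expr, inventory, static_ips):
    """Show what a static IP-based rule gets wrong versus the tag-based group."""
    dynamic = resolve(match_expr, inventory)
    return {"stale": set(static_ips) - dynamic, "missing": dynamic - set(static_ips)}
```

Re-running `resolve` after each event is the point: the group's membership follows the tags, so a rule referencing the group needs no edit when a web VM is re-addressed or replaced.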
Deployment Flexibility

The VM-Series for VMware supports NSX, ESXi and vCloud Air environments.

VM-Series for VMware NSX

The VM-Series for NSX is a tightly integrated solution that ties together the VM-Series next-generation firewall, Panorama for centralized management, and VMware NSX to deliver on the promise of a software-defined data center. As new virtual workloads are deployed, NSX Manager simultaneously installs a VM-Series next-generation firewall on each ESXi server. Once deployed on the ESXi server, safe application enablement policies that identify, control and protect your virtualized applications and data can be deployed to each VM-Series in an automated manner by Panorama. NSX then begins steering select application traffic to the VM-Series for more granular application-level security. As new workloads are added, moved or removed, NSX feeds those attribute changes to Panorama, where they are translated into dynamic security policy updates to the virtual and perimeter gateway firewalls. The VM-Series for NSX supports virtual wire network interface mode, which requires minimal network configuration and simplifies network integration.

[Figure: VM-Series for VMware NSX. Panorama registers the VM-Series as a service with NSX Manager; NSX Manager (Cloud Admin) sends real-time contextual updates on VM changes to Panorama (Security Admin), which provides automated licensing, policy deployment and updates; the VM-Series is deployed automatically by NSX, and policies then steer select traffic to the VM-Series for inspection.]

VM-Series for ESXi (Stand-alone)

The VM-Series on ESXi servers is ideal for networks where the virtual form factor may simplify deployment and provide more flexibility.
Common deployment scenarios include:

- Private or public cloud computing environments where virtualization is prevalent
- Environments where physical space is restricted and at a premium
- Remote locations where shipping hardware is not practical

The VM-Series for ESXi allows you to deploy safe application enablement policies that identify, control and protect your virtualized applications and data. Panorama centralized management and a rich set of APIs can be used to integrate with external orchestration and management tools to collect information related to workload changes, which can then be used to dynamically drive policy updates via Dynamic Address Groups and VM Monitoring. A range of interface types, including L2, L3 and virtual wire, allow you to deploy the VM-Series for ESXi in a different interface mode for each virtualized server, depending on your needs.

[Figure: VM-Series for ESXi in a corporate data center; diagram labels: APIs, Interfaces, Objects, Policies, Licensing.]
VM-Series for vCloud Air

The VM-Series for vCloud Air allows you to protect your VMware-based public cloud with the same safe application enablement policies that are used to protect your ESXi-based private cloud. Common use cases include:

- Perimeter gateway: In this use case, the VM-Series is deployed as your gateway firewall, securing your vCloud Air environment based on application, regardless of port and protocol, while preventing known and unknown threats and controlling access based on user identity.
- Hybrid cloud security: In this use case, the VM-Series is configured to establish a secure, standards-based IPsec connection between your private, VMware-based cloud and your vCloud Air-based public cloud. Access to the vCloud Air environment can be controlled based on application, respective content and user identity.
- Network segmentation: Protect east-west traffic between subnets and application tiers using the application and the user identity as the basis for your security policies.

Panorama centralized management and a rich set of APIs can be used to integrate with external orchestration and management tools to collect information related to workload changes, which can then be used to dynamically drive policy updates via Dynamic Address Groups and VM Monitoring. The VM-Series for vCloud Air supports L3 network interface mode.

[Figure: VM-Series for vCloud Air connecting a corporate data center to vCloud Air; diagram labels: APIs, Interfaces, Objects, Policies, Licensing.]
PERFORMANCE AND CAPACITIES (1)

Firewall throughput (App-ID enabled): 1 Gbps
Threat prevention throughput: 600 Mbps
IPsec VPN throughput: 250 Mbps
Max sessions per second: 250,000 (VM-1000-HV), 250,000 (VM-300), 100,000 (VM-200), 50,000 (VM-100)
New sessions per second: 8,000

(1) Performance and capacities are measured under ideal testing conditions using PAN-OS 7.0 and 4 CPU cores.

VIRTUALIZATION SPECIFICATIONS

Hypervisor supported:
  VM-1000-HV: VMware NSX Manager 6.0, 6.1 with VMware ESXi 5.5; ESXi 5.1, ESXi 5.5
  VM-300, VM-200, VM-100: ESXi 5.1, ESXi 5.5
Network drivers (all VM-Series): VMware ESXi: VMXNet3

SYSTEM REQUIREMENTS

CPU cores: 2, 4 or 8
Memory (minimum): 4 GB
Disk drive capacity (min/max): 40 GB / 2 TB

NETWORKING FEATURES

Interface modes:
  L2, L3, Tap, Virtual wire (transparent mode): VM-Series for ESXi
  L3: vCloud Air
  Virtual wire (transparent mode): VM-Series for NSX
Routing modes: OSPF, RIP, BGP, Static; Policy-based forwarding; Multicast: PIM-SM, PIM-SSM, IGMP v1, v2 and v3
High availability modes: Active/Passive with session synchronization; Failure detection: Path monitoring, Interface monitoring
VLANs: 802.1q VLAN tags per device/per interface: 4,094/4,094; Max interfaces: 2,000 (VM-300), 500 (VM-200), 100 (VM-100)
Network Address Translation (NAT): NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation); NAT64; Additional NAT features: dynamic IP reservation, dynamic IP and port oversubscription
IPv6: L2, L3, tap, virtual wire (transparent mode); Features: App-ID, User-ID, Content-ID, WildFire and SSL decryption

To view additional information on the VM-Series security features and associated capacities, please visit www.paloaltonetworks.com/products.

4401 Great America Parkway, Santa Clara, CA 95054
Main: +1.408.753.4000 Sales: +1.866.320.4788 Support: +1.866.898.9087
www.paloaltonetworks.com
Copyright 2015, Palo Alto Networks, Inc. All rights reserved.
Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_DS_VMS_061215